StopLurkListen: The problem is, and I'm totally willing to admit it, is I have no idea what's a risk. Don't click on suspicious links in emails, even if I don't know the sender? Got it. Hey, why is my email app blocking *images* in emails, too? Don't tell me -- just displaying a picture in an email can do something malicious?

There was a bug in the JPEG libraries, so that reading a specially formed image would cause a bufferoverrun and let an attacker run arbitrary code. But bugs like this are rare in the wild because of the technical difficulty involved.

The real two reasons (OTTOMH) for hiding images in your e-mail is because someone could be sending you a penis in e-mail, OR, the embedded image might refer to a web site (so that when your e-mail client loads the image from the HTTP server, the server can log that the image was read by a particular mail address.

lordargent:StopLurkListen: The problem is, and I'm totally willing to admit it, is I have no idea what's a risk. Don't click on suspicious links in emails, even if I don't know the sender? Got it. Hey, why is my email app blocking *images* in emails, too? Don't tell me -- just displaying a picture in an email can do something malicious?

There was a bug in the JPEG libraries, so that reading a specially formed image would cause a bufferoverrun and let an attacker run arbitrary code. But bugs like this are rare in the wild because of the technical difficulty involved.

The real two reasons (OTTOMH) for hiding images in your e-mail is because someone could be sending you a penis in e-mail, OR, the embedded image might refer to a web site (so that when your e-mail client loads the image from the HTTP server, the server can log that the image was read by a particular mail address.

Well, there's also the fact that for HTML email, many images have names something like http://server.whatever/SOMETHING_uniquecharacterstringcreatedjustforhi srecepient,jpg, so when the server sees that URL come in, it knows that recipient got the email Some people don't like being tracked. I'm a bit miffed that while gmail generrally allows you to block that shait, they've apparently sold a bypass for that opt out for places like Sam's Club. I get their images whether I have images off or not.

using SMTP and POP3 to do my gmail stuff starting to look better and better.

Vlad_the_Inaner : Well, there's also the fact that for HTML email, many images have names something like http://server.whatever/SOMETHING_uniquecharacterstringcreatedjustforhi srecepient,jpg, so when the server sees that URL come in, it knows that recipient got the email Some people don't like being tracked. I'm a bit miffed that while gmail generrally allows you to block that shait, they've apparently sold a bypass for that opt out for places like Sam's Club. I get their images whether I have images off or not.

Bingo,

// Then they can tie that ID into an IP address. Sure the IP address might eventually change, so ... they would have to send you another e-mail with image (using the same ID in the SRC as before).

Vlad_the_Inaner:lordargent: StopLurkListen: The problem is, and I'm totally willing to admit it, is I have no idea what's a risk. Don't click on suspicious links in emails, even if I don't know the sender? Got it. Hey, why is my email app blocking *images* in emails, too? Don't tell me -- just displaying a picture in an email can do something malicious?

There was a bug in the JPEG libraries, so that reading a specially formed image would cause a bufferoverrun and let an attacker run arbitrary code. But bugs like this are rare in the wild because of the technical difficulty involved.

The real two reasons (OTTOMH) for hiding images in your e-mail is because someone could be sending you a penis in e-mail, OR, the embedded image might refer to a web site (so that when your e-mail client loads the image from the HTTP server, the server can log that the image was read by a particular mail address.

Well, there's also the fact that for HTML email, many images have names something like http://server.whatever/SOMETHING_uniquecharacterstringcreatedjustforhi srecepient,jpg, so when the server sees that URL come in, it knows that recipient got the email Some people don't like being tracked. I'm a bit miffed that while gmail generrally allows you to block that shait, they've apparently sold a bypass for that opt out for places like Sam's Club. I get their images whether I have images off or not.

using SMTP and POP3 to do my gmail stuff starting to look better and better.

StopLurkListen:Vlad_the_Inaner: lordargent: StopLurkListen: The problem is, and I'm totally willing to admit it, is I have no idea what's a risk. Don't click on suspicious links in emails, even if I don't know the sender? Got it. Hey, why is my email app blocking *images* in emails, too? Don't tell me -- just displaying a picture in an email can do something malicious?

There was a bug in the JPEG libraries, so that reading a specially formed image would cause a bufferoverrun and let an attacker run arbitrary code. But bugs like this are rare in the wild because of the technical difficulty involved.

The real two reasons (OTTOMH) for hiding images in your e-mail is because someone could be sending you a penis in e-mail, OR, the embedded image might refer to a web site (so that when your e-mail client loads the image from the HTTP server, the server can log that the image was read by a particular mail address.

Well, there's also the fact that for HTML email, many images have names something like http://server.whatever/SOMETHING_uniquecharacterstringcreatedjustforhi srecepient,jpg, so when the server sees that URL come in, it knows that recipient got the email Some people don't like being tracked. I'm a bit miffed that while gmail generrally allows you to block that shait, they've apparently sold a bypass for that opt out for places like Sam's Club. I get their images whether I have images off or not.

using SMTP and POP3 to do my gmail stuff starting to look better and better.

uncoveror:Are there any websites or programs that still need Java? Uninstall it already.

My gf is in grad school and one of her courses is an online night course - a lot of the students were grousing because the blackboard system requires Java. She just enables it for 2 hours once a week and disables the rest of the time, but I wish they had an alternative.

Stories like this make me more worried for my tech-illiterate family members who click stupid shiat in emails.